Wi-Fi Protected Access (WPA) is a security protocol used by many
wireless devices such as routers, laptops and access points. Stefan
Viehböck released a paper titled “Brute forcing Wi-Fi Protected
Setup” on 26th Dec 2011 detailing vulnerabilities in Wi-Fi Protected
Setup (WPS), a feature of WPA, that could allow an attacker to
recover the Pre-Shared Key (PSK) associated with the WPA protocol
in a few hours very easily.

WPS was launched sometime in 2006, but the actual appliances/devices
came into the market during 2007. In one of the Wi-Fi Alliance's
FAQs, they mention “Wi-Fi Protected Setup is an optional
certification program developed by Wi-Fi Alliance designed to
ease set up of security-enabled Wi-Fi networks in the home and
small office environment.” Simply put, WPS allows a user to enter
an 8-digit PIN without having to navigate through a number of
cumbersome configuration pages.

On 28th December 2011, Tactical Network Solutions open-sourced a
tool code-named Reaver. They claim that with Reaver, the passphrase
of a WPS-enabled router can be recovered in 4-10 hours. So far no
version of Reaver is supported on the Windows platform. I’ve tested
the tool on Back Track 5 with the following easy steps.

(reaver-1.1 is the
latest version at the time of writing this article, which
addresses some known bugs)

Now extract the gzip file

tar zxvf reaver-1.1.tar.gz

Now go to the directory and configure

cd reaver-1.1/src

./configure

make

make install

Before
launching Reaver, let’s check the help section.

Now let’s
launch an attack towards a pre-identified access point.

Bottom line, WPA is not directly broken via Reaver. However, Reaver
exposes a side channel attack against WPA1 / WPA2 enabled wireless
access points by exploiting a protocol design flaw in WPS. Reaver
exploits a primitive vulnerability in the PIN: it brute-forces the
PIN until the correct one is recovered. With the PIN, Reaver
extracts the PSK.
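
Why a few hours is plausible, as an added example (not code from the original article or from Reaver): per Viehböck's paper the access point confirms the two halves of the PIN separately and the eighth digit is a checksum, so at most 10^4 + 10^3 guesses are needed. The 2-second attempt time and the lockout policies are assumptions chosen for illustration.

```python
# Added example: worst-case time to exhaust the WPS PIN space.
# Attempt time and lockout policies below are assumptions, not measurements.

PIN_DIGITS = 8                       # PIN length stated in the article


def naive_keyspace() -> int:
    """PINs to try if the AP only accepted or rejected the whole PIN.
    The eighth digit is a checksum of the first seven, so 10**7."""
    return 10 ** (PIN_DIGITS - 1)


def split_keyspace() -> int:
    """PINs to try given the flaw in Viehboeck's paper: the AP confirms
    digits 1-4 and digits 5-8 separately (5-7 free, 8 is the checksum)."""
    return 10 ** 4 + 10 ** 3


def worst_case_seconds(guesses: int, secs_per_guess: int,
                       lock_after: int = 0, lock_secs: int = 0) -> int:
    """Time until the last guess, which is the correct one.
    lock_after=0 means the AP never locks WPS after failed attempts."""
    total = guesses * secs_per_guess
    if lock_after:
        failures = guesses - 1       # every guess but the last one fails
        total += (failures // lock_after) * lock_secs
    return total


def report(secs_per_guess: int = 2):
    """Rows of (scenario, worst-case hours) for a few assumed policies."""
    n = split_keyspace()
    rows = [
        ("whole-PIN check, no lockout", worst_case_seconds(naive_keyspace(), secs_per_guess)),
        ("split check, no lockout", worst_case_seconds(n, secs_per_guess)),
        ("split check, 60 s lock per 3 failures", worst_case_seconds(n, secs_per_guess, 3, 60)),
        ("split check, 1 h lock per 3 failures", worst_case_seconds(n, secs_per_guess, 3, 3600)),
    ]
    return [(name, round(secs / 3600, 1)) for name, secs in rows]


if __name__ == "__main__":
    for name, hours in report():
        print(f"{name:40s} {hours:>10.1f} h")
```

With no lockout the split check finishes in about six hours, inside the 4-10 hour range quoted above; a lockout only stretches that time, which is why disabling WPS remains the workaround.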

The issue here is
that most wireless routers are affected and no vendor has
announced a patch so far. But as a workaround, you can disable
WPS (if it’s possible on your device). US CERT/CC has assigned
VU#723755
for this vulnerability. You can also check vulnerable vendors
from the above URL.

So what’s
important here? Does it mean not to use wireless access
points? Well, don’t - if you can afford to. Generally, it’s
recommended to conduct a proper risk assessment for all
information that will travel over the WLAN and restrict
sensitive information.

Let’s summarize
the major types of access points here.

1. Open networks

This is like
radio; you just need to tune in. You can connect to the
network without any passwords/ keys. Sniffing packets is
really easy.

2. Networks
protected with WEP

Wireless
Equivalent Privacy (WEP) was the first standard aimed at
introducing security into wireless networks. Many open source
tools (such as Aircrack) are freely available to break into a
WEP network. A WEP network can be broken in minutes - provided
that you have the right gear and captured an adequate amount
of data packets.

3. Networks
protected with WPA1/ WPA2

Wi-Fi
Protected Access (WPA) was introduced to address the
shortcomings of WEP. There are various implementations of this
protocol. One major improvement in WPA over WEP is the
Temporal Key Integrity Protocol (TKIP), which dynamically
changes keys as the system is used. Using mechanisms we
explained at the beginning of this article, WPA can be broken
via side channel attacks.

'....Just
how much cybercrime happens on Facebook? About 4 million
Facebook users experience spam on a daily basis, 20% of
Facebook users have been exposed to malware, and Facebook
sees about 600,000 cases
of hijacked log-ins every day.'

'....Google Docs is a helpful office suite and data storage
service that allows users to collaborate on documents with
ease but, unfortunately, it is also a very useful tool for
phishers.

Sophos
has recently spotted two distinct phishing campaigns - one
targeting the customers of the Australian ANZ Bank and the
other the users of a web portal of a North American school -
where the phishing forms are hosted on this Google
service......'

Wi-Fi Protected Setup (WPS) contains a design error that
could allow a weaker-than-expected defense against
brute-force attacks, which could allow an attacker to gain
unauthorized access to the affected system.

Notice Board

Training and Awareness Programmes - December 2011

Date | Event | Venue
15-19 | ICT training for the teacher in-charges of Connecting classroom project | ICT Laboratory of ICT Branch, Ministry of Education
30-3 Feb | ICT training for the teacher in-charges of Connecting classroom project | Computer laboratory of ICT Branch, Ministry of Education
24-2 Feb | Interviews to recruit ICT teachers for the “Development of 1000 secondary schools project”. |